LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 12-27-2005, 11:45 PM   #1
dongb
LQ Newbie
 
Registered: Aug 2003
Posts: 2

Rep: Reputation: 0
help: Executable file is modified when it is running.


We are doing LRT for a service program on Redhat AS4.0. After about 30
hours running, one of the shared library file was modified. The running
instance goes OK, but any attemp to start another instance of the
service results to SIG_SEGV.

We used objdump to disasmble the libary files, and found the difference between the modified file and the original one.
No difference can be found by ls. The timestamp, size, etc. of the file
are all the same.

Is there any possibility any system procedure, e.g. ld.so, could modify the
file automatically?

Thanks a lot.

The following is the diff of the disasm files.
====================================================================
2c2
< libWeMake.original.so: file format elf32-i386
---
> libWeMake.so: file format elf32-i386
8598c8598
< 4a7f: e9 10 f7 ff ff jmp 4194 <_init+0x18>
---
> 4a7f: e9 01 f7 ff ff jmp 4185 <_init+0x9>
8603c8603
< 4a8f: e9 00 f7 ff ff jmp 4194 <_init+0x18>
---
> 4a8f: e9 ac f7 ff ff jmp 4240 <strdup@plt+0xc>
8606c8606
< 4a94: ff a3 48 02 00 00 jmp *0x248(%ebx)
---
> 4a94: ff a3 48 02 99 00 jmp *0x990248(%ebx)
8608c8608
< 4a9f: e9 f0 f6 ff ff jmp 4194 <_init+0x18>
---
> 4a9f: e9 00 f6 ff ff jmp 40a4 <_init-0xd8>
8611c8611
< 4aa4: ff a3 4c 02 00 00 jmp *0x24c(%ebx)
---
> 4aa4: ff a3 4c 02 b4 00 jmp *0xb4024c(%ebx)
8613c8613
< 4aaf: e9 e0 f6 ff ff jmp 4194 <_init+0x18>
---
> 4aaf: e9 34 f6 ff ff jmp 40e8 <_init-0x94>
8758c8758
< 4c7f: e9 10 f5 ff ff jmp 4194 <_init+0x18>
---
> 4c7f: e9 00 f5 ff ff jmp 4184 <_init+0x8>
8762c8762
< 4c90: 55 push %ebp
---
> 4c90: 2f das
8766c8766
< 4c95: e8 00 00 00 00 call 4c9a <call_my_start+0xa>
---
> 4c95: e8 00 00 5a 00 call 5a4c9a <_end+0x59071a>
8768c8768
< 4c9b: 81 c3 2e f3 00 00 add $0xf32e,%ebx
---
> 4c9b: 81 c3 2e f3 00 31 add $0x3100f32e,%ebx
8770c8770
< 4ca7: 85 c0 test %eax,%eax
---
> 4ca7: 85 0f test %ecx,(%edi)
8774,8775c8774
< 4cb0: c9 leave
< 4cb1: c3 ret
---
> 4cb0: a8 c3 test $0xc3,%al
8781,8782c8780
< 4cb8: 90 nop
< 4cb9: 90 nop
---
> 4cb8: 78 90 js 4c4a
====================================================================

The related part of the original file is as following.
====================================================================
8595 00004a74 <semctl@plt>:
8596 4a74: ff a3 40 02 00 00 jmp *0x240(%ebx)
8597 4a7a: 68 68 04 00 00 push $0x468
8598 4a7f: e9 10 f7 ff ff jmp 4194 <_init+0x18>
8599
8600 00004a84 <my_sem_lock__Fi@plt>:
8601 4a84: ff a3 44 02 00 00 jmp *0x244(%ebx)
8602 4a8a: 68 70 04 00 00 push $0x470
8603 4a8f: e9 00 f7 ff ff jmp 4194 <_init+0x18>
8604
8605 00004a94 <my_write__FP6_stPci@plt>:
8606 4a94: ff a3 48 02 00 00 jmp *0x248(%ebx)
8607 4a9a: 68 78 04 00 00 push $0x478
8608 4a9f: e9 f0 f6 ff ff jmp 4194 <_init+0x18>
8609
8610 00004aa4 <my_get_key__FPcPPcPii@plt>:
8611 4aa4: ff a3 4c 02 00 00 jmp *0x24c(%ebx)
8612 4aaa: 68 80 04 00 00 push $0x480
8613 4aaf: e9 e0 f6 ff ff jmp 4194 <_init+0x18>
8614
...
8755 00004c74 <myfree__FP7myGroupPcRi@plt>:
8756 4c74: ff a3 c0 02 00 00 jmp *0x2c0(%ebx)
8757 4c7a: 68 68 05 00 00 push $0x568
8758 4c7f: e9 10 f5 ff ff jmp 4194 <_init+0x18>
8759 Disassembly of section .text:
8760
8761 00004c90 <call_gmon_start>:
8762 4c90: 55 push %ebp
8763 4c91: 89 e5 mov %esp,%ebp
8764 4c93: 53 push %ebx
8765 4c94: 50 push %eax
8766 4c95: e8 00 00 00 00 call 4c9a <call_gmon_start+0xa>
8767 4c9a: 5b pop %ebx
8768 4c9b: 81 c3 2e f3 00 00 add $0xf32e,%ebx
8769 4ca1: 8b 83 98 03 00 00 mov 0x398(%ebx),%eax
8770 4ca7: 85 c0 test %eax,%eax
8771 4ca9: 74 02 je 4cad <call_my_start+0x1d>
8772 4cab: ff d0 call *%eax
8773 4cad: 8b 5d fc mov 0xfffffffc(%ebp),%ebx
8774 4cb0: c9 leave
8775 4cb1: c3 ret
8776 4cb2: 89 f6 mov %esi,%esi
8777 4cb4: 90 nop
8778 4cb5: 90 nop
8779 4cb6: 90 nop
8780 4cb7: 90 nop
8781 4cb8: 90 nop
8782 4cb9: 90 nop
8783 4cba: 90 nop
====================================================================
 
Old 12-29-2005, 01:19 AM   #2
foo_bar_foo
Senior Member
 
Registered: Jun 2004
Posts: 2,553

Rep: Reputation: 53
that's out there
i don't understand how you have both original and modification to look at (from backup ?)

AFAIK shared library files in use are marked as immutable to
prevent modification. Any attempt to modify the library results in a
ETXTBSY (Text file busy) error message. even for root i think.
but the file can be replaced while it is running !

if the file was updated/replaced the origin file that is in use will get its directory link unlinked but will continue to function and stay on disk. but only the process that actually holds an open file descriptor on the original library (the original process) sees the first file. any new process sees the new file (i think).
but you have to wonder how the memory system is going to deal with trying to run or load two identicaly name libs with the same symbols but in slightly different relative positions or slightly different code sequences.
segfault sounds about right for that.

i hate to give advice in a situation i know so little about so of course follow my advice with caution but i think i would reboot.

Last edited by foo_bar_foo; 12-29-2005 at 01:21 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Running a Java executable class from another executable class LUB997 Programming 22 07-24-2005 05:57 AM
Running an executable. wesleyarchbell Linux - Software 4 05-03-2005 04:50 AM
Running Windows Executable File in Fedora Core 2 sagar Linux - Software 1 11-06-2004 09:04 AM
running an executable wogga Linux - Software 8 06-12-2004 05:21 AM
running an executable aznamvet Linux - Software 5 06-10-2004 08:08 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 06:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration